It exploits the vulnerability MS08-067 in the Windows Server Service in order to spread itself. It also spreads through shared and removable drives. It reduces considerably the protection level of the computer, modifies the security policies of the user accounts and attempts to download another type of malware to the affected computer.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:

Dec. 31, 2008

Detection updated on:

June 18, 2010

Statistics

No

Proactive protection:

Yes, using TruPrevent Technologies

Brief Description

Conficker.C is a worm which exploits a vulnerability in the Windows Server Service which allows remote code execution. It is the vulnerability MS08-067.

If the system date is after January 1, 2009, it will try to connect to a certain website in order to download and run another type of malware in the affected computer.

On the one hand, it reduces considerably the protection level of the computer, as it prevents the user and the computer from connecting to many websites related to antivirus companies.

On the other, it uses weak passwords to access the user accounts in order to modify their security policies.

Conficker.C spreads by exploiting the vulnerability MS08-067. In order to do so, it sends malformed RPC requests to other computers in which it attempts to enter a copy of itself. Additionally, it spreads through shared and removable drives.

It is highly recommended to download and apply the security patch for the vulnerability MS08-067. Access the web page for downloading the patch.

Visible Symptoms

Conficker.C is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.